[Bug 2333] New: forbid old Ciphers, KexAlgorithms and MACs by default

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 8 05:38:57 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2333

            Bug ID: 2333
           Summary: forbid old Ciphers, KexAlgorithms and MACs by default
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: kolAflash at kolahilft.de

OpenSSH shouldn't allow old Ciphers, KexAlgorithms and MACs by default
if they are not explicitly enabled in the server's or user's
configuration file.
(It should still be possible to enable those via the configuration file
if the user wishes so.)


I'm thinking of disabling (by default) these:
Ciphers
  arcfour256,
  arcfour128,
  3des-cbc,
  arcfour

Maybe also disable by default:
Ciphers
  blowfish-cbc,
  cast128-cbc,
  aes192-cbc,
  aes256-cbc
I'm not quite sure about these.
Especially about blowfish. I guess it's deprecated by twofish?

Also disable these (by default):
KexAlgorithms
  diffie-hellman-group-exchange-sha1,
  diffie-hellman-group14-sha1,
  diffie-hellman-group1-sha1

And disable these (by default):
MACs
  hmac-md5-etm@openssh.com,
  hmac-sha1-etm@openssh.com,
  umac-64-etm@openssh.com,
  hmac-sha1-96-etm@openssh.com,
  hmac-md5-96-etm@openssh.com,
  hmac-md5,
  hmac-sha1,
  umac-64@openssh.com,
  hmac-sha1-96,
  hmac-md5-96


Maybe NIST curves should be disabled by default too.
At least since OpenSSH has ed25519!


--

These are the algorithms I currently have enabled:

KexAlgorithms
curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Ciphers
chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-ripemd160@openssh.com


These are my sources of information:

https://stribika.github.io/2015/01/04/secure-secure-shell.html

https://bettercrypto.org/static/applied-crypto-hardening.pdf
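
The following is an added example (not part of the bug report and not OpenSSH code) that turns the reporter's "disable these by default" lists into an audit script: it takes a comma-separated algorithm list of the kind found in a Ciphers/KexAlgorithms/MACs line, reports which members are in the proposed-off set, and emits a hardened list with them removed. The variable names WEAK_CIPHERS, WEAK_KEX and WEAK_MACS and the function names are assumptions for this example; the algorithm names in them are copied from the report above. The optional live check uses `ssh -Q`, which exists in OpenSSH 6.3 and later, to compare the compiled-in algorithm set against the same lists.

```shell
#!/bin/sh
# Added example: audit comma-separated SSH algorithm lists against the
# algorithms this bug report proposes disabling by default. Not OpenSSH code.

# Sets taken from the report (both the "disable" and the "maybe disable" ciphers).
WEAK_CIPHERS="arcfour256 arcfour128 3des-cbc arcfour blowfish-cbc cast128-cbc aes192-cbc aes256-cbc"
WEAK_KEX="diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1"
WEAK_MACS="hmac-md5-etm@openssh.com hmac-sha1-etm@openssh.com umac-64-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-md5 hmac-sha1 umac-64@openssh.com hmac-sha1-96 hmac-md5-96"

# in_set NAME "word word ..." -> status 0 if NAME is one of the words.
in_set() {
    needle=$1
    for w in $2; do
        [ "$w" = "$needle" ] && return 0
    done
    return 1
}

# weak_in_list "a,b,c" "weak words" -> prints the weak members, comma-separated,
# in their original order. Status 0 if any were found, 1 if the list is clean.
weak_in_list() {
    found=""
    for alg in $(printf '%s' "$1" | tr ',' ' '); do
        if in_set "$alg" "$2"; then
            found="${found:+$found,}$alg"
        fi
    done
    printf '%s\n' "$found"
    [ -n "$found" ]
}

# strip_weak "a,b,c" "weak words" -> prints the list with weak members removed,
# i.e. the value you would put on the corresponding sshd_config line.
strip_weak() {
    kept=""
    for alg in $(printf '%s' "$1" | tr ',' ' '); do
        in_set "$alg" "$2" || kept="${kept:+$kept,}$alg"
    done
    printf '%s\n' "$kept"
}

# Live check against the local OpenSSH build, skipped when ssh is absent.
# ssh -Q prints one supported algorithm per line; join them into a list first.
if command -v ssh >/dev/null 2>&1; then
    for kind in cipher kex mac; do
        case $kind in
            cipher) weak=$WEAK_CIPHERS ;;
            kex)    weak=$WEAK_KEX ;;
            mac)    weak=$WEAK_MACS ;;
        esac
        supported=$(ssh -Q "$kind" 2>/dev/null | tr '\n' ',' | sed 's/,$//')
        printf '%s: compiled in but proposed off by default: %s\n' \
            "$kind" "$(weak_in_list "$supported" "$weak")"
    done
fi
```

A typical use is `strip_weak "$(ssh -Q cipher | tr '\n' ',' | sed 's/,$//')" "$WEAK_CIPHERS"` to produce a Ciphers line for sshd_config from whatever the local build supports; `weak_in_list` is the check to run against an existing configuration line (or the output of `sshd -T`) to see whether any of the algorithms named in the report are still reachable.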
